| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mit Trojan.DNSChanger begann es...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.09.2009, 00:01
| #1 |
| |  Mit Trojan.DNSChanger begann es... Hallo, ich schreieb hier, weil es zeitlich das letzte Board ist, was sich mit dem Trojaner.DNSChanger beschäftigt. Ich erhoffe mir Hilfe von Euch. Ich habe mich registrieren lassen, weil ich ein Trojan.DNSChanger-Codec auf meinem Rechner habe und ihn mit SUPERAntiSpyware und Malwarebytes-Antimalware zwar runterbekommen habe, aber immer wieder drauf. Ihr wißt ja, wovon ich rede. Ich habe dieses Posting (heißt das so?) gelesen und dann mich an die Abfolge zu halten: CCLeaner und dann combo.fix und dann noch Hijack-this als logfile(? Leider beherrsche ich die Fachausdrücke nicht). Hier: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:20:15, on 19.09.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe C:\Programme\Canon\CAL\CALMAIN.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\TpShocks.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Picasa2\PicasaMediaDetector.exe C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\Programme\Lenovo\AwayTask\AwaySch.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\ThinkVantage\AMSG\Amsg.exe C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\DOKUMENTE UND EINSTELLUNGEN\KLAUS TSCHORN\DESKTOP\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [cssauth] "C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A34794-FB50-404B-98E1-DCC61215481A}: NameServer = 192.168.122.252,192.168.122.253 O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- End of file - 12641 bytes Was sagt Euch das? |
|
19.09.2009, 00:03
| #2 |
| | Mit Trojan.DNSChanger begann es... Hallo,
__________________Und hier das logfile von combo fix: ComboFix 09-09-18.02 - Klaus Tschorn 18.09.2009 23:59.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.502.161 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Klaus Tschorn\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\Gmail c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\awdamzvc.dat c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\awdamzvc_nav.dat c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\awdamzvc_navps.dat . ((((((((((((((((((((((( Dateien erstellt von 2009-08-18 bis 2009-09-18 )))))))))))))))))))))))))))))) . 2009-09-18 20:49 . 2009-09-18 20:49 -------- d-----w- c:\programme\CCleaner 2009-09-18 11:35 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-09-18 11:35 . 2009-08-24 12:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-09-18 11:35 . 2009-08-19 09:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-09-18 11:35 . 2009-09-18 11:36 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools 2009-09-18 11:35 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-09-18 11:35 . 2009-09-18 11:38 -------- d-----w- c:\programme\Spyware Doctor 2009-09-18 11:35 . 2009-09-18 11:35 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\PC Tools 2009-09-18 11:35 . 2009-09-18 11:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools 2009-09-18 11:34 . 2009-09-18 20:30 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-09-11 08:53 . 2009-09-11 08:53 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\Malwarebytes 2009-09-11 08:53 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-11 08:53 . 2009-09-11 08:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-09-11 08:53 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-11 08:53 . 2009-09-11 08:55 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2009-09-10 13:21 . 2009-09-10 13:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2009-09-10 12:57 . 2009-09-10 12:58 -------- d-----w- c:\programme\SUPERAntiSpyware 2009-09-10 12:57 . 2009-09-10 12:57 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\SUPERAntiSpyware.com 2009-09-10 08:30 . 2009-06-21 22:05 153088 ------w- c:\windows\system32\dllcache\triedit.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-14 08:45 . 2006-10-08 11:35 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS 2009-09-10 12:52 . 2006-10-08 11:09 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2009-09-08 11:15 . 2007-07-20 17:11 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\BDHTHELP 2009-09-08 11:15 . 2006-11-28 10:19 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\FRITZ! 2009-09-08 11:15 . 2006-11-03 11:08 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\ACD Systems 2009-09-08 11:15 . 2006-10-28 07:00 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\AdobeUM 2009-08-15 11:21 . 2006-10-17 01:13 43392 ------w- c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-08-15 01:15 . 1979-12-31 22:00 85740 ------w- c:\windows\system32\perfc007.dat 2009-08-15 01:15 . 1979-12-31 22:00 462896 ------w- c:\windows\system32\perfh007.dat 2009-08-15 01:08 . 2009-08-15 01:08 -------- d-----w- c:\programme\MSBuild 2009-08-15 01:08 . 2009-08-15 01:08 -------- d-----w- c:\programme\Reference Assemblies 2009-08-15 01:01 . 2009-08-15 01:01 -------- d-----w- c:\programme\MSXML 6.0 2009-08-14 04:58 . 2009-09-18 11:35 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-08-05 09:05 . 1979-12-31 22:00 206336 ------w- c:\windows\system32\mswebdvd.dll 2009-07-17 18:56 . 1979-12-31 22:00 58880 ------w- c:\windows\system32\atl.dll 2009-06-29 15:55 . 1979-12-31 22:00 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 15:55 . 1979-12-31 22:00 78336 ------w- c:\windows\system32\ieencode.dll 2009-06-29 15:55 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 18:34 . 1979-12-31 22:00 95744 ------w- c:\windows\system32\mqsec.dll 2009-06-25 18:34 . 1979-12-31 22:00 661504 ------w- c:\windows\system32\mqqm.dll 2009-06-25 18:34 . 1979-12-31 22:00 533504 ------w- c:\windows\system32\mqutil.dll 2009-06-25 18:34 . 1979-12-31 22:00 517120 ------w- c:\windows\system32\mqsnap.dll 2009-06-25 18:34 . 1979-12-31 22:00 48640 ------w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:34 . 1979-12-31 22:00 47104 ------w- c:\windows\system32\mqdscli.dll 2009-06-25 18:34 . 1979-12-31 22:00 225280 ------w- c:\windows\system32\mqoa.dll 2009-06-25 18:34 . 1979-12-31 22:00 186880 ------w- c:\windows\system32\mqtrig.dll 2009-06-25 18:34 . 1979-12-31 22:00 177152 ------w- c:\windows\system32\mqrt.dll 2009-06-25 18:34 . 1979-12-31 22:00 16896 ------w- c:\windows\system32\mqise.dll 2009-06-25 18:34 . 1979-12-31 22:00 138240 ------w- c:\windows\system32\mqad.dll 2009-06-25 18:34 . 1979-12-31 22:00 123392 ------w- c:\windows\system32\mqrtdep.dll 2009-06-25 08:17 . 1979-12-31 22:00 59392 ------w- c:\windows\system32\wdigest.dll 2009-06-25 08:17 . 1979-12-31 22:00 56320 ------w- c:\windows\system32\secur32.dll 2009-06-25 08:17 . 1979-12-31 22:00 168448 ------w- c:\windows\system32\schannel.dll 2009-06-25 08:17 . 1979-12-31 22:00 737280 ------w- c:\windows\system32\lsasrv.dll 2009-06-25 08:17 . 1979-12-31 22:00 301568 ------w- c:\windows\system32\kerberos.dll 2009-06-25 08:17 . 1979-12-31 22:00 136192 ------w- c:\windows\system32\msv1_0.dll 2009-06-22 11:49 . 1979-12-31 22:00 19968 ------w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 1979-12-31 22:00 117248 ------w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 1979-12-31 22:00 4608 ------w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 1979-12-31 22:00 91776 ------w- c:\windows\system32\drivers\mqac.sys 2009-06-22 11:35 . 1979-12-31 22:00 92544 ------w- c:\windows\system32\drivers\ksecdd.sys 2005-02-26 09:56 . 2006-10-17 02:04 41579 ------w- c:\programme\mozilla firefox\components\jar50.dll 2005-02-26 09:56 . 2006-10-17 02:04 48229 ------w- c:\programme\mozilla firefox\components\jsd3250.dll 2005-02-26 09:56 . 2006-10-17 02:04 158829 ------w- c:\programme\mozilla firefox\components\xpinstal.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-29 163576] "SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480] "MSMSGS"="c:\programme\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256] "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000] "suScheduler"="c:\programme\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 40960] "SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-22 151552] "Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872] "PDService.exe"="c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-03-22 106496] "ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-08 169472] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940] "DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710] "cssauth"="c:\programme\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-22 208896] "AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-03-23 69632] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304] "ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600] " Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "ISTray"="c:\programme\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496] "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-16 65536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\dokumente und einstellungen\Klaus Tschorn\Startmen\Programme\Autostart\ FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2006-11-28 679936] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-17 113664] BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify] 2006-03-23 00:03 49152 ------w- c:\programme\Lenovo\AwayTask\AwayNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2006-04-17 11:01 32768 ------w- c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-05 21:45 28672 ------w- c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-11-30 18:16 24576 ------w- c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli csspwntfy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "%windir%\\system32\\drivers\\svchost.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18.09.2009 13:35 206256] R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [08.10.2006 13:08 85760] R1 NETDSL;AVM PPP over Ethernet;c:\windows\system32\drivers\netdsl.sys [28.11.2006 12:11 11264] R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [04.09.2009 14:50 9968] R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [04.09.2009 14:49 74480] R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [08.10.2006 13:08 4736] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [08.10.2006 13:37 4442] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.06.2009 16:07 108289] R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [21.12.2005 17:14 12544] R2 PrivateDisk;PrivateDisk;c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15.11.2005 13:11 46142] R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [18.09.2009 13:35 348752] R2 smi2;smi2;c:\programme\SMI2\smi2.sys [21.12.2005 16:45 3968] R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\drivers\NETFWDSL.SYS [28.11.2006 12:11 367104] R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [04.09.2009 14:50 7408] S2 smihlp;SMI helper driver;\??\c:\programme\ThinkVantage Fingerprint Software\smihlp.sys --> c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [?] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - MBR *Deregistered* - mbr *Deregistered* - mchInjDrv . Inhalt des "geplante Tasks" Ordners 2009-09-18 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-10-08 23:13] 2006-10-17 c:\windows\Tasks\Symantec NetDetect.job - c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2006-10-08 15:38] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm TCP: {A1A34794-FB50-404B-98E1-DCC61215481A} = 192.168.122.252,192.168.122.253 FF - ProfilePath - c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\Mozilla\Firefox\Profiles\o6ws6mfa.Standard-Benutzer\ FF - prefs.js: browser.search.selectedEngine - Google FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version", c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id", c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "update.mozilla.org,addons.mozilla.org"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub", c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties"); . - - - - Entfernte verwaiste Registrierungseinträge - - - - Notify-NavLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-19 00:07 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2465208547-1747563841-3488838836-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1040) c:\programme\SUPERAntiSpyware\SASWINLO.dll c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\tphklock.dll c:\programme\Lenovo\AwayTask\AwayNotify.dll c:\windows\system32\igfxdev.dll c:\windows\system32\notifyf2.dll - - - - - - - > 'lsass.exe'(1096) c:\programme\IBM ThinkVantage\Client Security Solution\csspwntfy.dll c:\programme\IBM ThinkVantage\Client Security Solution\ibmtsp.dll c:\programme\IBM ThinkVantage\Client Security Solution\tcsrpc.dll c:\programme\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll . Zeit der Fertigstellung: 2009-09-18 0:09 ComboFix-quarantined-files.txt 2009-09-18 22:09 Vor Suchlauf: 21 Verzeichnis(se), 24.519.864.320 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 24.769.957.888 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 299 --- E O F --- 2009-09-10 09:27 Vielleicht könnt Ihr mir was dazu sagen. Ich blicke es nicht. Danke. |
|
19.09.2009, 09:53
| #3 |
| | Mit Trojan.DNSChanger begann es... Hallo,
__________________ich habe erst einen Trojaner DNSchanger drauf gehabt. Nachdem es trotz "Superantspyware" und "Malewarebytes-Antmalware" immer wieder gekommen ist, habe ich mir einige eurer Anregungen durchgelesen. Den CCleaner und combo-fix habe ich gesetren durchgeführt (hoffentlich richtig). Hier die logfiles: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:20:15, on 19.09.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe C:\Programme\Canon\CAL\CALMAIN.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\TpShocks.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Picasa2\PicasaMediaDetector.exe C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\Programme\Lenovo\AwayTask\AwaySch.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\ThinkVantage\AMSG\Amsg.exe C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\DOKUMENTE UND EINSTELLUNGEN\KLAUS TSCHORN\DESKTOP\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [cssauth] "C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A34794-FB50-404B-98E1-DCC61215481A}: NameServer = 192.168.122.252,192.168.122.253 O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- End of file - 12641 bytes |
|
19.09.2009, 09:55
| #4 |
| | Mit Trojan.DNSChanger begann es... Hallo, hier das logfile von combo-fix:ComboFix 09-09-18.02 - Klaus Tschorn 18.09.2009 23:59.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.502.161 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Klaus Tschorn\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\Gmail c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\awdamzvc.dat c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\awdamzvc_nav.dat c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\awdamzvc_navps.dat . ((((((((((((((((((((((( Dateien erstellt von 2009-08-18 bis 2009-09-18 )))))))))))))))))))))))))))))) . 2009-09-18 20:49 . 2009-09-18 20:49 -------- d-----w- c:\programme\CCleaner 2009-09-18 11:35 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-09-18 11:35 . 2009-08-24 12:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-09-18 11:35 . 2009-08-19 09:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-09-18 11:35 . 2009-09-18 11:36 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools 2009-09-18 11:35 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-09-18 11:35 . 2009-09-18 11:38 -------- d-----w- c:\programme\Spyware Doctor 2009-09-18 11:35 . 2009-09-18 11:35 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\PC Tools 2009-09-18 11:35 . 2009-09-18 11:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools 2009-09-18 11:34 . 2009-09-18 20:30 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-09-11 08:53 . 2009-09-11 08:53 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\Malwarebytes 2009-09-11 08:53 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-11 08:53 . 2009-09-11 08:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-09-11 08:53 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-11 08:53 . 2009-09-11 08:55 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2009-09-10 13:21 . 2009-09-10 13:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2009-09-10 12:57 . 2009-09-10 12:58 -------- d-----w- c:\programme\SUPERAntiSpyware 2009-09-10 12:57 . 2009-09-10 12:57 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\SUPERAntiSpyware.com 2009-09-10 08:30 . 2009-06-21 22:05 153088 ------w- c:\windows\system32\dllcache\triedit.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-14 08:45 . 2006-10-08 11:35 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS 2009-09-10 12:52 . 2006-10-08 11:09 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2009-09-08 11:15 . 2007-07-20 17:11 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\BDHTHELP 2009-09-08 11:15 . 2006-11-28 10:19 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\FRITZ! 2009-09-08 11:15 . 2006-11-03 11:08 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\ACD Systems 2009-09-08 11:15 . 2006-10-28 07:00 -------- d-----w- c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\AdobeUM 2009-08-15 11:21 . 2006-10-17 01:13 43392 ------w- c:\dokumente und einstellungen\Klaus Tschorn\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-08-15 01:15 . 1979-12-31 22:00 85740 ------w- c:\windows\system32\perfc007.dat 2009-08-15 01:15 . 1979-12-31 22:00 462896 ------w- c:\windows\system32\perfh007.dat 2009-08-15 01:08 . 2009-08-15 01:08 -------- d-----w- c:\programme\MSBuild 2009-08-15 01:08 . 2009-08-15 01:08 -------- d-----w- c:\programme\Reference Assemblies 2009-08-15 01:01 . 2009-08-15 01:01 -------- d-----w- c:\programme\MSXML 6.0 2009-08-14 04:58 . 2009-09-18 11:35 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-08-05 09:05 . 1979-12-31 22:00 206336 ------w- c:\windows\system32\mswebdvd.dll 2009-07-17 18:56 . 1979-12-31 22:00 58880 ------w- c:\windows\system32\atl.dll 2009-06-29 15:55 . 1979-12-31 22:00 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 15:55 . 1979-12-31 22:00 78336 ------w- c:\windows\system32\ieencode.dll 2009-06-29 15:55 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 18:34 . 1979-12-31 22:00 95744 ------w- c:\windows\system32\mqsec.dll 2009-06-25 18:34 . 1979-12-31 22:00 661504 ------w- c:\windows\system32\mqqm.dll 2009-06-25 18:34 . 1979-12-31 22:00 533504 ------w- c:\windows\system32\mqutil.dll 2009-06-25 18:34 . 1979-12-31 22:00 517120 ------w- c:\windows\system32\mqsnap.dll 2009-06-25 18:34 . 1979-12-31 22:00 48640 ------w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:34 . 1979-12-31 22:00 47104 ------w- c:\windows\system32\mqdscli.dll 2009-06-25 18:34 . 1979-12-31 22:00 225280 ------w- c:\windows\system32\mqoa.dll 2009-06-25 18:34 . 1979-12-31 22:00 186880 ------w- c:\windows\system32\mqtrig.dll 2009-06-25 18:34 . 1979-12-31 22:00 177152 ------w- c:\windows\system32\mqrt.dll 2009-06-25 18:34 . 1979-12-31 22:00 16896 ------w- c:\windows\system32\mqise.dll 2009-06-25 18:34 . 1979-12-31 22:00 138240 ------w- c:\windows\system32\mqad.dll 2009-06-25 18:34 . 1979-12-31 22:00 123392 ------w- c:\windows\system32\mqrtdep.dll 2009-06-25 08:17 . 1979-12-31 22:00 59392 ------w- c:\windows\system32\wdigest.dll 2009-06-25 08:17 . 1979-12-31 22:00 56320 ------w- c:\windows\system32\secur32.dll 2009-06-25 08:17 . 1979-12-31 22:00 168448 ------w- c:\windows\system32\schannel.dll 2009-06-25 08:17 . 1979-12-31 22:00 737280 ------w- c:\windows\system32\lsasrv.dll 2009-06-25 08:17 . 1979-12-31 22:00 301568 ------w- c:\windows\system32\kerberos.dll 2009-06-25 08:17 . 1979-12-31 22:00 136192 ------w- c:\windows\system32\msv1_0.dll 2009-06-22 11:49 . 1979-12-31 22:00 19968 ------w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 1979-12-31 22:00 117248 ------w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 1979-12-31 22:00 4608 ------w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 1979-12-31 22:00 91776 ------w- c:\windows\system32\drivers\mqac.sys 2009-06-22 11:35 . 1979-12-31 22:00 92544 ------w- c:\windows\system32\drivers\ksecdd.sys 2005-02-26 09:56 . 2006-10-17 02:04 41579 ------w- c:\programme\mozilla firefox\components\jar50.dll 2005-02-26 09:56 . 2006-10-17 02:04 48229 ------w- c:\programme\mozilla firefox\components\jsd3250.dll 2005-02-26 09:56 . 2006-10-17 02:04 158829 ------w- c:\programme\mozilla firefox\components\xpinstal.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-29 163576] "SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480] "MSMSGS"="c:\programme\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256] "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000] "suScheduler"="c:\programme\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 40960] "SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-22 151552] "Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872] "PDService.exe"="c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-03-22 106496] "ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-08 169472] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940] "DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710] "cssauth"="c:\programme\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-22 208896] "AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-03-23 69632] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304] "ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600] " Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "ISTray"="c:\programme\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496] "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-16 65536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\dokumente und einstellungen\Klaus Tschorn\Startmen\Programme\Autostart\ FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2006-11-28 679936] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-17 113664] BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2006-1-17 618557] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify] 2006-03-23 00:03 49152 ------w- c:\programme\Lenovo\AwayTask\AwayNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2006-04-17 11:01 32768 ------w- c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-05 21:45 28672 ------w- c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-11-30 18:16 24576 ------w- c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli csspwntfy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "%windir%\\system32\\drivers\\svchost.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18.09.2009 13:35 206256] R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [08.10.2006 13:08 85760] R1 NETDSL;AVM PPP over Ethernet;c:\windows\system32\drivers\netdsl.sys [28.11.2006 12:11 11264] R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [04.09.2009 14:50 9968] R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [04.09.2009 14:49 74480] R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [08.10.2006 13:08 4736] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [08.10.2006 13:37 4442] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.06.2009 16:07 108289] R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [21.12.2005 17:14 12544] R2 PrivateDisk;PrivateDisk;c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15.11.2005 13:11 46142] R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [18.09.2009 13:35 348752] R2 smi2;smi2;c:\programme\SMI2\smi2.sys [21.12.2005 16:45 3968] R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\drivers\NETFWDSL.SYS [28.11.2006 12:11 367104] R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [04.09.2009 14:50 7408] S2 smihlp;SMI helper driver;\??\c:\programme\ThinkVantage Fingerprint Software\smihlp.sys --> c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [?] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - MBR *Deregistered* - mbr *Deregistered* - mchInjDrv . Inhalt des "geplante Tasks" Ordners 2009-09-18 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-10-08 23:13] 2006-10-17 c:\windows\Tasks\Symantec NetDetect.job - c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2006-10-08 15:38] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm TCP: {A1A34794-FB50-404B-98E1-DCC61215481A} = 192.168.122.252,192.168.122.253 FF - ProfilePath - c:\dokumente und einstellungen\Klaus Tschorn\Anwendungsdaten\Mozilla\Firefox\Profiles\o6ws6mfa.Standard-Benutzer\ FF - prefs.js: browser.search.selectedEngine - Google FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version", c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id", c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "update.mozilla.org,addons.mozilla.org"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub", c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties"); . - - - - Entfernte verwaiste Registrierungseinträge - - - - Notify-NavLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-09-19 00:07 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2465208547-1747563841-3488838836-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1040) c:\programme\SUPERAntiSpyware\SASWINLO.dll c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\tphklock.dll c:\programme\Lenovo\AwayTask\AwayNotify.dll c:\windows\system32\igfxdev.dll c:\windows\system32\notifyf2.dll - - - - - - - > 'lsass.exe'(1096) c:\programme\IBM ThinkVantage\Client Security Solution\csspwntfy.dll c:\programme\IBM ThinkVantage\Client Security Solution\ibmtsp.dll c:\programme\IBM ThinkVantage\Client Security Solution\tcsrpc.dll c:\programme\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll . Zeit der Fertigstellung: 2009-09-18 0:09 ComboFix-quarantined-files.txt 2009-09-18 22:09 Vor Suchlauf: 21 Verzeichnis(se), 24.519.864.320 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 24.769.957.888 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 299 --- E O F --- 2009-09-10 09:27 |
|
19.09.2009, 10:01
| #5 |
| | Mit Trojan.DNSChanger begann es... Hallo, und drrittens heute gemacht das logfile von random: Logfile of random's system information tool 1.06 (written by random/random) Run by Klaus Tschorn at 2009-09-19 10:17:33 Microsoft Windows XP Professional Service Pack 2 System drive C: has 24 GB (33%) free of 71 GB Total RAM: 502 MB (16% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:19:00, on 19.09.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programme\Canon\CAL\CALMAIN.exe C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Picasa2\PicasaMediaDetector.exe C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\Programme\Lenovo\AwayTask\AwaySch.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Programme\ThinkVantage\AMSG\Amsg.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Programme\Spyware Doctor\pctsGui.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\DOKUMENTE UND EINSTELLUNGEN\KLAUS TSCHORN\DESKTOP\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\DOKUMENTE UND EINSTELLUNGEN\KLAUS TSCHORN\DESKTOP\Klaus Tschorn.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [suScheduler] C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [cssauth] "C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A34794-FB50-404B-98E1-DCC61215481A}: NameServer = 192.168.122.252,192.168.122.253 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2004\WinStylerThemeSvc.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- End of file - 13742 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\PMTask.job C:\WINDOWS\tasks\Symantec NetDetect.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-01 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\programme\google\googletoolbar2.dll [2006-10-17 2141248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar2.dll [2006-10-17 2141248] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2005-11-07 106496] "TPKMAPHELPER"=C:\Programme\ThinkPad\Utilities\TpKmapAp.exe [2005-10-28 864256] "TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-03-09 94208] "TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536] "SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000] "suScheduler"=C:\Programme\ThinkVantage\SystemUpdate\UCLauncher.exe [2005-08-01 40960] "SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696] "PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [] "Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe [2005-10-28 335872] "PDService.exe"=C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2006-03-23 106496] "ISUSScheduler"=c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "ISUSPM Startup"=c:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824] "Google Desktop Search"=C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [2006-10-08 169472] "EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-02-24 237568] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-01 122940] "DiskeeperSystray"=C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-03-01 196710] "cssauth"=C:\Programme\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-12-21 1996336] "BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog [] "AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-03-23 69632] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "AMSG"=C:\Programme\ThinkVantage\AMSG\Amsg.exe [2005-11-14 487424] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "Adobe Photo Downloader"=C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344] "ACWLIcon"=C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-04-17 98304] "ACTray"=C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [2006-04-17 409600] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "ISTray"=C:\Programme\Spyware Doctor\pctsTray.exe [2009-07-22 1181064] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe [2006-10-29 163576] "SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-04 1994480] "MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-10-13 1694208] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe BTTray.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe C:\Dokumente und Einstellungen\Klaus Tschorn\Startmenü\Programme\Autostart FRITZ!DSL Startcenter.lnk - C:\Programme\FRITZ!DSL\StCenter.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify] C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll [2006-04-17 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify] C:\Programme\Lenovo\AwayTask\AwayNotify.dll [2006-03-23 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2] C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey] C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli csspwntfy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update" "C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Programme\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" Teil 2 folgt |
|
| Themen zu Mit Trojan.DNSChanger begann es... |
| antivir, antivir guard, avira, bho, canon, desktop, downloader, dsl, excel, firefox, google, hijack, hijackthis, hkus\s-1-5-18, immer wieder, internet, internet explorer, jusched.exe, lenovo, malware, malwarebytes anti-malware, malwarebytes' anti-malware, mozilla, picasa, registry, security, senden, software, solution, spyware, system, trojaner, windows, windows xp |
Linear-Darstellung
